Ransomware criminals love CISA's KEV list – and that's a bug, not a feature
Ransomware criminals love CISA's KEV list – and that's a bug, not a feature
1 in 3 entries are used to extort civilians, says new paper
1 in 3 entries are used to extort civilians, says new paper Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware attacks.…
This isn't really a surprise considering how the system was supposed to work.
The idea is that network administrators would also be aware of any CVEs for their products that are actively being exploited in the wild, and patching their systems accordingly. The netsec community is one about sharing information. If this list did not exist, then those vulnerabilities would mostly only be shared by the attackers in back channels, making the admins even less equipped to deal with an attack.
If you are responsible for patching internet-exposed services then it behooves you to keep an eye on lists like this. If you can't keep up with that, then don't expose those services publicly.